package com.example.nacosconsumer.Config;

import com.example.nacosconsumer.util.MyInvalidSessionStrategy;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    protected void configure(HttpSecurity http) throws Exception {
        http.exceptionHandling().accessDeniedPage("/forum/unAuth"); //配置无权限跳转到登录页
        http.logout().logoutUrl("/quit");
        http.authorizeRequests()
                .antMatchers("/static/**","/templates/**","/updateHeadshotPath","/forum/unAuth").permitAll() // 指定 URL 无需保护。
                .anyRequest() .authenticated();// 其他请求都必须认证
        http.logout().logoutSuccessUrl("http://localhost:8070/login");  //配置注销成功后的跳转到登录页
        http.csrf().disable();
        //http.sessionManagement().invalidSessionUrl("/login"); //配置会话过期策略
        http.sessionManagement().invalidSessionStrategy(new MyInvalidSessionStrategy());

    }
}
